Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized.
So if there is a legal request to signal they hand over the number and u already de anonymized.
If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover…why is that lock even on a timer? That just sounds like a trap.
But lets assume u used your own number, and it gets found out.
With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone…there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app.
The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low.
The official reason for the numbers is spam protection…but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
would be easy af for a state actor to send u a zero day SMS to take over your phone.
Two problema with this logic
do you think a state actor needs to leak the phone number from signal to find out your number?
0-click SMS exploits are possibile, but extremely rare and extremely expensive. Someone with such an exploit won’t burn it for random Joe.
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use.
The association between phone number and identity is something that telco companies can already (and do) provide to authorities.
The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized. So if there is a legal request to signal they hand over the number and u already de anonymized. If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover…why is that lock even on a timer? That just sounds like a trap.
But lets assume u used your own number, and it gets found out. With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone…there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app. The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low. The official reason for the numbers is spam protection…but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Two problema with this logic
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use. The association between phone number and identity is something that telco companies can already (and do) provide to authorities. The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.